Multiple use-after-free vulnerabilities in SPL in PHP prior to 5.4.44, 5.5.x prior to 5.5.28, and 5.6.x prior to 5.6.12 allow remote malicious users to execute arbitrary code via vectors involving (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList, which are mishandled during unserialization.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
php php |
||
debian debian linux 8.0 |
||
debian debian linux 7.0 |